EU To Fine Santa Claus For Blatant GDPR Infringement

May 25, 2018

STRASBOURG, FRANCE - The May 25th deadline for GDPR compliance has arrived, and EU regulators are already gearing up to make an example of one of the most egregious violators: Father Christmas.

Long known for his clandestine operations and intrusive data collection practices – especially on minors – jolly old Saint Nicholas finds himself at the top of the EU's naughty list to the tune of the legislation's maximum penalty: 20 million euros or 4% of his worldwide annual turnover, whichever is greater.

To date, Mr. Claus has offered no form of an opt out for European Union citizens, has not updated his privacy policy, and has not taken any steps towards hiring a Data Protection Officer. Giovanni Butarelli, the jointly appointed European Data Protection Supervisor, underscored the fact that Santa Claus has made no apparent effort to comply with GDPR. "This is beyond negligence. The man is thumbing his rosy little nose at our efforts to protect consumers."

According to the framework laid out by GDPR, Kris Kringle is considered to be both a "data controller" and a "data processor". Both of these designations confer great responsibility with respect to stewardship of data collected from EU citizens, yet it appears that Père Noël is wholly unconcerned with these matters and continues to hide behind the North Pole's flimsy excuse for an extradition treaty.

When the holidays come around, Santa Claus may find himself subject to more than just fines. EU regulators suggest that repeated GDPR infractions and fine delinquency can amount to criminal charges in the EU. Absent a course correction, Santa may find himself on the Interpol Wanted Persons list. "Come December 24th, Mr. Claus may slide down a chimney in the EU and find himself in handcuffs", warned Butarelli.